| 제목 | ZBlog v1.7.4.3430 authorization flaw |
|---|
| 설명 | Z-BlogPHP contains a post-auth authorization flaw that allows low-privilege commenters to approve their own pending comments when comment moderation is enabled. Because the backend moderation logic incorrectly treats the comment author as an authorized actor, a commenter can bypass the intended review process and make their own comment publicly visible without administrator approval.
|
|---|
| 원천 | ⚠️ https://vulnplus-note.wetolink.com/share/31wtzNoJbxKQ |
|---|
| 사용자 | vulnplusbot (UID 96250) |
|---|
| 제출 | 2026. 04. 22. AM 11:53 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 16. PM 02:48 (24 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 364334 [Z-BlogPHP 1.7.4.3430 Commend Approval c_system_event.php CheckComment 권한 상승] |
|---|
| 포인트들 | 19 |
|---|